Enterprise Reporter for Windows Servers

Windows Server and OneDrive for Business discovery and reporting across the enterprise

Enterprise Reporter for Windows Servers provides deep visibility into the security and configuration of Microsoft Windows Server, Azure, NAS devices and OneDrive for Business. Armed with this information, organizations can perform security assessments to understand who can access what data, how they got that access, as well as whether it can be shared with others inside or outside the organization. Perform pre-and post-migration analyses and optimize resource and license allocation. As a result, you’ll be empowered to perform more informed strategic planning and proactive management of the IT infrastructure.

Extend your visibility beyond file servers, Azure and OneDrive for Business to other on-premises and Office 365 environments with Enterprise Reporter Suite.

Cloud-based content posted to OneDrive for Business, including file and folder permissions and whether the content can be shared internally or externally

Compliance and security visibility

Gain visibility into the configuration of critical IT assets in Windows file servers, NAS devices and OneDrive for Business to comply with security best practices, internal policies and external regulations. Report on permissions and access to:

Correlate disparate IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. Include user entitlements and activity, event trends, suspicious patterns and more, with rich visualizations and event timelines.

Access assessment

Determine which users and groups have access to resources across your entire environment, including both on-premises and cloud-based storage. Tighten security by removing any excessive access permissions using Security Explorer, which is included with Enterprise Reporter Suite.

Pre- and post- migration assessment

Plan for a migration or consolidation project with increased visibility into where Azure resources, computers, files and folders on Windows Servers and OneDrive for Business exist. Easily decide what needs to be migrated before you begin and ensure the correct data and permissions were migrated after the move.

Hosted resource optimization

Optimize Microsoft Azure resource usage by gaining visibility into virtual machines and disk deployment, including how many, how large, how they are configured and more, so you can save on unnecessary and underutilized resources.

Local policy assessment

Make sure each local security configuration is aligned with domain-wide policies. Check local security policies, membership of local administrative groups and other security configuration information stored in registry keys.

Scalable data collection

Scale to Windows environments of any size. Schedule collections during off-peak hours to minimize the impact of data collection on network and server performance, and leverage the distributed collection architecture for load balancing.

Efficient storage

Reduce database storage requirements and save more change history data by comparing Windows Server discoveries and storing only the changes.

Customizable reports

Perform efficient, effective data analysis and satisfy the unique information needs of your organization using predefined reports or by creating new reports with even more attributes. Customize any report with advanced filtering, and choose from multiple formats, including PDF, HTML, MHT, RTF, XLS, XLSX, CSV, text and images.

Automated reporting workflows

Ensure stakeholders get the reports they need when they need them with automated report generation and delivery and flexible scheduling.

The Enterprise Reporter database is the storage location of all data collected for reporting. As such, the amount of hard disk space required is directly related to the amount of data being collected. The Database Size Estimator tool shipped with Enterprise Reporter can help determine how much space will be required.

SQL Server performance is needed to support inserting data into the database tables and to support querying that data for reporting purposes. To improve the performance of data collection or reporting, consider enhancing the SQL Server memory and processor.

Larger environments may have additional requirements for memory, processor, and hard disk space. There are many factors that can effect these requirements. For additional information please see release notes.

Enterprise Reporter can be configured to send discovery information to the following versions of IT Security Search. See the IT Security Search web site for the hardware and software requirements for your version of IT Security Search.

The following versions of SQL Server® are supported for the Enterprise Reporter database. See the Microsoft® web site for the hardware and software requirements for your version of SQL Server®:

SQL Server® 2017

SQL Server® 2016

SQL Server® 2014

SQL Server® 2012

SQL Server® 2008 R2

SQL Server® 2008 with Service Pack 2

SQL clusters and database mirroring are supported for your deployment, including

SQL Server® 2016 Always On

SQL Server® 2014 Always On

SQL Server® 2012 Always On

Using SQL Server Certificates

SSL Encryption of SQL Server Connections using Certificates

Enterprise Reporter can be configured to work with a SQL Server® instance. To secure communications while working with Enterprise Reporter, data sent over connections to the SQL Server can be encrypted using an SSL certificate.

The steps required to configure this encryption are as follows.

Using the Microsoft Management Console (MMC):

install the Certificates snap-in for the SQL Server® host computer

import the certificate to the SQL Server® host computer

Using SQL Server Configuration manager:

configure the SQL Server® to use the certificate

configure the SQL Server® to force encryption

Restart the SQL Server® host computer

Import the certificate to all Enterprise Reporter computers that will need to communicate with the SQL Server®, such as:

To collect Active Roles information, the following software is required on the computer where the Enterprise Reporter Configuration Manager is installed and on the computer where the Enterprise Reporter node is installed:

ADSI Provider (the version must match the Active Roles version)

For more information and installation instructions, see the Active Roles Quick Start Guide. The following additional considerations are required:

There must be a trust between the Enterprise Reporter domain and the Active Roles domain.

The credentials used for the Active Roles discovery must have access to the Active Roles domain.

Exchange Required Software

To collect Exchange® 2007 information, the following additional considerations are required:

Exchange® 2007 Management Tools must be installed on the computer where the Enterprise Reporter node is installed and must be in the same forest as the 2007 Exchange Organization.

It is highly recommended to put the computer where the Enterprise Reporter node is installed within the target Exchange® 2007 domain.

To collect Exchange mailbox folders, the following additional considerations are required:

Impersonation needs to be configured on the Exchange organization. Refer to your Exchange Server document or use the following method to set up role assignments.

Powershell can be used to add an assignment

New- ManagementRoleAssignment–

Name: impersonationAssignmentAdministrator-

Role: ApplicationImpersonation –User:Administrator

Alternatively, you can create an administrator role with ApplicationImpersonation role assigned to it and add the required account as a member (or assign ApplicationImpersonation role to an existing administrator role)

OneDrive Required Software

To collect OneDrive information, the following additional software is required:

NOTE: In addition, for OneDrive configuration settings to be collected successfully, an authorized connection must be established to the SharePoint Online service. To allow for credentials to be specified for your tenant, the “LegacyAuthProtocols” setting must be enabled on your tenant. To set this on your tenant, run the following commands using the Microsoft SharePoint Online Management Shell. This action must be performed on any node machine with Microsoft SharePoint Online Management Shell installed.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Import-Module -Name Microsoft.Online.SharePoint.PowerShell

Connect-SPOService -Url "<full tenant name>"

Set-SPOTenant -LegacyAuthProtocolsEnable $True

Disconnect-SPOService

Azure Required Software

To collect Azure information, the following additional software is required:

Resources

In this new report from the Information Security Community on LinkedIn, you will learn how your peers are approaching cybersecurity in the era of cloud, including the latest trends and benchmarks to gauge how your own organization stacks up.